[sdw2003] Whitelisting discussion?
Tracy Reed
treed at ultraviolet.org
Tue Jan 19 15:22:15 PST 2010
On Tue, Jan 19, 2010 at 03:09:36PM -0800, Thaddeus Braun spake thusly:
> Tracy brings up a very good point. Who is running any whitelisting
> software out there, and how do you like it so far? Tracy, can you expand
> a little on your thoughts about whitelisting not being ready for prime
> time?
I haven't used any but Bruce Schneier discusses it here:
http://www.schneier.com/blog/archives/2009/11/is_antivirus_de.html
saying:
Certainly security would be improved if people used whitelisting
programs such as Bit9 Parity and Savant Protection -- and I
personally recommend Malwarebytes' Anti-Malware -- but a lot of
users are going to have trouble with this. The average user will
probably just swat away the "you're trying to run a program not on
your whitelist" warning message or -- even worse -- wonder why his
computer is broken when he tries to run a new piece of
software. The average corporate IT department doesn't have a good
idea of what software is running on all the computers within the
corporation, and doesn't want the administrative overhead of
managing all the change requests. And whitelists aren't a panacea,
either: they don't defend against malware that attaches itself to
data files (think Word macro viruses), for example.
Anyone interested in security should have his blog on their RSS
feed. He has many very good insights. His thoughts on whitelisting
mirror my own.
--
Tracy Reed
http://tracyreed.org
More information about the sdw2003
mailing list